diff --git a/docs/getting-started.md b/docs/getting-started.md index de55c0a0..f7f268b8 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -12,7 +12,7 @@ This documentation should enable you to create your own evaluation instance of o * [Customize environment](#customize-environment) * [Domain](#domain) * [Apps](#apps) - * [Private OCI registry](#private-oci-registry) + * [Private Image registry](#private-image-registry) * [Private Helm registry](#private-helm-registry) * [Cluster capabilities](#cluster-capabilities) * [Service](#service) @@ -129,9 +129,9 @@ jitsi: enabled: false ``` -### Private OCI registry +### Private Image registry -By default, all OCI artifacts are proxied via the project's container registry, which should get replaced soon by the +By default, all OCI artifacts are proxied via the project's image registry, which should get replaced soon by the OCI registries provided by Open CoDE. You also can set your own registry by: 
@@ -156,12 +156,32 @@ global: ### Private Helm registry -Some apps use Chart Museum style helm registries. You can use your own registry by setting this environment variable: +Some apps use OCI style registry and some use Helm chart museum style registries. +In `helmfile/environments/default/charts.yaml` you can find all helm charts used and modify their registry, repository +or version. -```shell -export PRIVATE_CHART_REPOSITORY_URL=charts.open.desk +As an example, you can also use helmfile methods to use just a single environment variable to set registry and +authentication for all OCI helm charts. + +```yaml +charts: + certificates: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} ``` +There is a full example including http and OCI style registries in `examples/private-helm-registry.yaml.gotmpl`. +The following environment variables have to be exposed when using the example: + +| Environment variable | Description | +|-------------------------------------|--------------------------------------------------------------------------------------------| +| `OD_PRIVATE_HELM_OCI_REGISTRY` | Registry for OCI hosted helm charts, example: `external-registry.souvap-univention.de` | +| `OD_PRIVATE_HELM_HTTP_REGISTRY` | Registry URI for http hosted helm charts, `https://external-registry.souvap-univention.de` | +| `OD_PRIVATE_HELM_REGISTRY_USERNAME` | Username | +| `OD_PRIVATE_HELM_REGISTRY_PASSWORD` | Password | + + ### Cluster capabilities #### Service diff --git a/docs/security.md b/docs/security.md index 838bb255..1d687478 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -37,7 +37,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The | opendesk-keycloak-bootstrap-repo | yes | :white_check_mark: | | opendesk-nextcloud-bootstrap-repo | yes | :white_check_mark: | | opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: | -| openproject-repo | no | :x: | +| openproject-repo | yes | :white_check_mark: | | openxchange-repo | yes | :x: | | ox-connector-repo | no | :x: | | postfix-repo | yes | :white_check_mark: | @@ -84,7 +84,7 @@ This list gives you an overview of default security settings and if they comply | Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - | | | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - | -| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | +| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | | | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | 
@@ -93,11 +93,11 @@ This list gives you an overview of default security settings and if they comply | | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | -| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - | +| OpenProject | openproject | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 | | Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 | | PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | | Redis | redis | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 0 | 1001 | -| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | +| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | | XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 | | | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 | diff --git a/examples/private-helm-registry.yaml.gotmpl b/examples/private-helm-registry.yaml.gotmpl new file mode 100644 index 00000000..216ac645 --- /dev/null +++ b/examples/private-helm-registry.yaml.gotmpl 
@@ -0,0 +1,266 @@ +{{/* +SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +charts: + certificates: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + clamav: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + clamavSimple: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + collabora: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + cryptpad: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + dovecot: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + element: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + elementWellKnown: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + intercomService: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + istioResources: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + jitsi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloak: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakExtensions: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakTheme: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + mariadb: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeoboardWidget: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeochoiseWidget: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeodatefixBot: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeodatefixWidget: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixUserVerificationService: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + memcached: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + minio: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nextcloud: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nextcloudBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nginx: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openproject: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openprojectBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openXchangeAppSuite: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openXchangeAppSuiteBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + otterize: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + oxConnector: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + postfix: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + postgresql: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + redis: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapse: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapseCreateAccount: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapseWeb: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsLdapNotifier: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsLdapServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsNotificationsApi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalFrontend: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalListener: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStackDataSwp: + registry: {{ 
requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStackDataUms: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStoreDav: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUdmRestApi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUmcGateway: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUmcServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + univentionCorporateServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + xwiki: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} +... diff --git a/helmfile/apps/collabora/helmfile.yaml b/helmfile/apps/collabora/helmfile.yaml index 9b86d662..2b40af7d 100644 --- a/helmfile/apps/collabora/helmfile.yaml +++ b/helmfile/apps/collabora/helmfile.yaml 
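Review bot: Every chart entry after `certificates` (from `clamav` through `xwiki`) declares `username:` twice and never sets `password:`; the second `username:` carries `OD_PRIVATE_HELM_REGISTRY_PASSWORD`. A duplicate mapping key is either rejected by the YAML parser or resolved last-wins, and in the latter case the registry password ends up in the username field, where it may be echoed in logs or error output, while authentication has no password at all. The second line of each entry should read `password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}`, as the `certificates` entry and the snippet in docs/getting-started.md already do.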
@@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Collabora Online # Source: https://github.com/CollaboraOnline/online - name: "collabora-online-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://collaboraonline.github.io/online" }} + username: "{{ .Values.charts.collabora.username }}" + password: {{ .Values.charts.collabora.password | quote }} + url: "{{ .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}" releases: - # renovate: - # registryUrl=https://collaboraonline.github.io/online - # packageName=collabora-online - # dataSource=helm - # dependencyType=vendor - name: "collabora-online" - chart: "collabora-online-repo/collabora-online" - version: "1.0.2" + chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}" + version: "{{ .Values.charts.collabora.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/cryptpad/helmfile.yaml b/helmfile/apps/cryptpad/helmfile.yaml index 821db806..0de0a820 100644 --- a/helmfile/apps/cryptpad/helmfile.yaml +++ b/helmfile/apps/cryptpad/helmfile.yaml @@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # CryptPad # Source: https://github.com/cryptpad/helm - - name: "cryptpad-online-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://cryptpad.github.io/helm" }} + - name: "cryptpad-repo" + username: "{{ .Values.charts.cryptpad.username }}" + password: {{ .Values.charts.cryptpad.password | quote }} + url: "{{ .Values.charts.cryptpad.registry }}/{{ .Values.charts.cryptpad.repository }}" releases: - # renovate: - # registryUrl=https://cryptpad.github.io/helm - # packageName=cryptpad - # dataSource=helm - # dependencyType=vendor - name: "cryptpad" - chart: "cryptpad-online-repo/cryptpad" - version: "0.0.14" + chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}" + version: "{{ .Values.charts.cryptpad.version }}" values: - "values.yaml" - "values.gotmpl" 
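Review bot: `username` is interpolated inside a hand-written pair of double quotes while `password` on the next line goes through `quote`, so a username containing `"` or `\` would yield invalid or altered YAML. Using the same form for both avoids that: `username: {{ .Values.charts.collabora.username | quote }}`. The same pattern recurs in the cryptpad hunk that follows and in the element, intercom-service and jitsi hunks. This hunk also drops the `# renovate:` annotation together with the pinned `version: "1.0.2"`; if the pin now lives in `helmfile/environments/default/charts.yaml` (not part of the visible diff), the annotation presumably has to move there for update tracking to continue.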
diff --git a/helmfile/apps/element/helmfile.yaml b/helmfile/apps/element/helmfile.yaml
index b2bff4ae..13955d9c 100644
--- a/helmfile/apps/element/helmfile.yaml
+++ b/helmfile/apps/element/helmfile.yaml
@@ -7,177 +7,176 @@ bases: repositories: # openDesk Element # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element - - name: "opendesk-element-repo" + - name: "element-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.element.username }}" + password: {{ .Values.charts.element.password | quote }} + url: "{{ .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}" + - name: "element-well-known-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.elementWellKnown.username }}" + password: {{ .Values.charts.elementWellKnown.password | quote }} + url: "{{ .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}" + - name: "synapse-web-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapseWeb.username }}" + password: {{ .Values.charts.synapseWeb.password | quote }} + url: "{{ .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}" + - name: "synapse-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapse.username }}" + password: {{ .Values.charts.synapse.password | quote }} + url: "{{ .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}" + - name: "synapse-create-account-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + 
verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapseCreateAccount.username }}" + password: {{ .Values.charts.synapseCreateAccount.password | quote }} + url: "{{ .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}" # openDesk Matrix Widgets # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets - - name: "opendesk-matrix-widgets-repo" + - name: "matrix-user-verification-service-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixUserVerificationService.verify }} + username: "{{ .Values.charts.matrixUserVerificationService.username }}" + password: {{ .Values.charts.matrixUserVerificationService.password | quote }} + url: "{{ .Values.charts.matrixUserVerificationService.registry }}/\ + {{ .Values.charts.matrixUserVerificationService.repository }}" + - name: "matrix-neoboard-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: "{{ .Values.charts.matrixNeoboardWidget.username }}" + password: {{ .Values.charts.matrixNeoboardWidget.password | quote }} + url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neochoice-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: "{{ .Values.charts.matrixNeoboardWidget.username }}" + password: {{ .Values.charts.matrixNeoboardWidget.password | quote }} + url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ 
.Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neodatefix-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeodatefixWidget.verify }} + username: "{{ .Values.charts.matrixNeodatefixWidget.username }}" + password: {{ .Values.charts.matrixNeodatefixWidget.password | quote }} + url: "{{ .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}" + - name: "matrix-neodatefix-bot-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeodatefixBot.verify }} + username: "{{ .Values.charts.matrixNeodatefixBot.username }}" + password: {{ .Values.charts.matrixNeodatefixBot.password | quote }} + url: "{{ .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}" + releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element - # dataSource=docker - # dependencyType=vendor - name: "opendesk-element" - chart: "opendesk-element-repo/opendesk-element" - version: "2.6.0" + chart: "element-repo/{{ .Values.charts.element.name }}" + version: "{{ .Values.charts.element.version }}" values: - "values-element.yaml" - "values-element.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known - # dataSource=docker - # dependencyType=vendor - name: "opendesk-well-known" - chart: "opendesk-element-repo/opendesk-well-known" - version: "2.6.0" + chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}" + version: "{{ .Values.charts.elementWellKnown.version }}" values: - "values-well-known.yaml" - "values-well-known.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # 
renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web - # dataSource=docker - # dependencyType=vendor - name: "opendesk-synapse-web" - chart: "opendesk-element-repo/opendesk-synapse-web" - version: "2.6.0" + chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}" + version: "{{ .Values.charts.synapseWeb.version }}" values: - "values-synapse-web.yaml" - "values-synapse-web.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse - # dataSource=docker - # dependencyType=vendor - name: "opendesk-synapse" - chart: "opendesk-element-repo/opendesk-synapse" - version: "2.6.0" + chart: "synapse-repo/{{ .Values.charts.synapse.name }}" + version: "{{ .Values.charts.synapse.version }}" values: - "values-synapse.yaml" - "values-synapse.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account - # dataSource=docker - # dependencyType=vendor - name: "opendesk-matrix-user-verification-service-bootstrap" - chart: "opendesk-element-repo/opendesk-synapse-create-account" - version: "2.6.0" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - "values-matrix-user-verification-service-bootstrap.yaml" - "values-matrix-user-verification-service-bootstrap.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service - # dataSource=docker - # dependencyType=vendor - name: 
"opendesk-matrix-user-verification-service" - chart: "opendesk-element-repo/opendesk-matrix-user-verification-service" - version: "2.6.0" + chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}" + version: "{{ .Values.charts.matrixUserVerificationService.version }}" values: - "values-matrix-user-verification-service.yaml" - "values-matrix-user-verification-service.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neoboard-widget" - chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget" - version: "3.3.0" + chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}" + version: "{{ .Values.charts.matrixNeoboardWidget.version }}" values: - "values-matrix-neoboard-widget.yaml" - "values-matrix-neoboard-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neochoice-widget" - chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget" - version: "3.3.0" + chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}" + version: "{{ .Values.charts.matrixNeochoiseWidget.version }}" values: - "values-matrix-neochoice-widget.yaml" - "values-matrix-neochoice-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-widget" - chart: 
"opendesk-matrix-widgets-repo/matrix-neodatefix-widget" - version: "3.3.0" + chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}" + version: "{{ .Values.charts.matrixNeodatefixWidget.version }}" values: - "values-matrix-neodatefix-widget.yaml" - "values-matrix-neodatefix-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-bot-bootstrap" - chart: "opendesk-element-repo/opendesk-synapse-create-account" - version: "2.6.0" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - "values-matrix-neodatefix-bot-bootstrap.yaml" - "values-matrix-neodatefix-bot-bootstrap.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-bot" - chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot" - version: "3.3.0" + chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}" + version: "{{ .Values.charts.matrixNeodatefixBot.version }}" values: - "values-matrix-neodatefix-bot.yaml" - "values-matrix-neodatefix-bot.gotmpl" diff --git a/helmfile/apps/intercom-service/helmfile.yaml b/helmfile/apps/intercom-service/helmfile.yaml index 3383934d..349c6584 100644 --- a/helmfile/apps/intercom-service/helmfile.yaml +++ b/helmfile/apps/intercom-service/helmfile.yaml 
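Review bot: The `matrix-neochoice-widget-repo` entry takes `verify`, `username`, `password` and `url` from `.Values.charts.matrixNeoboardWidget`, so the neochoice chart is resolved against the neoboard repository and with its credentials, although the release further down reads `.Values.charts.matrixNeochoiseWidget.name` and `.version`. The four fields should point at the chart's own key (spelled `matrixNeochoiseWidget` both here and in the example file), assuming the defaults file defines `verify`, `registry` and `repository` for it. In the same way `element-well-known-repo`, `synapse-web-repo`, `synapse-repo` and `synapse-create-account-repo` all read `.Values.charts.element.verify` rather than their own chart's `verify`, so signature verification cannot be seen or set per chart for those four.

```yaml
- name: "matrix-neochoice-widget-repo"
  # … unchanged: oci, keyring …
  verify: {{ .Values.charts.matrixNeochoiseWidget.verify }}
  username: "{{ .Values.charts.matrixNeochoiseWidget.username }}"
  password: {{ .Values.charts.matrixNeochoiseWidget.password | quote }}
  url: "{{ .Values.charts.matrixNeochoiseWidget.registry }}/{{ .Values.charts.matrixNeochoiseWidget.repository }}"
```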
@@ -3,28 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Intercom Service # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service - name: "intercom-service-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.intercomService.verify }} + username: "{{ .Values.charts.intercomService.username }}" + password: {{ .Values.charts.intercomService.password | quote }} + url: "{{ .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/intercom-service/intercom-service - # dataSource=docker - # dependencyType=vendor - name: "intercom-service" - chart: "intercom-service-repo/intercom-service" - version: "2.0.1" + chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}" + version: "{{ .Values.charts.intercomService.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/jitsi/helmfile.yaml b/helmfile/apps/jitsi/helmfile.yaml index 80f7f5a2..98aaad61 100644 --- a/helmfile/apps/jitsi/helmfile.yaml +++ b/helmfile/apps/jitsi/helmfile.yaml 
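Review bot: Chart signature checking is no longer pinned on for `intercom-service-repo`: the hard-coded `verify: true` becomes `verify: {{ .Values.charts.intercomService.verify }}`, so whether the keyring is enforced now depends on the environment values. The default in `charts.yaml` is not visible in this diff and should be `true`; I would also add a comment above the line, `# keep true unless the mirror cannot serve provenance files`. The same replacement is made in the jitsi, keycloak-bootstrap, keycloak, nextcloud, open-xchange, openproject-bootstrap, openproject, services and univention-corporate-container hunks below. As a smaller point, `username` is wrapped in literal quotes while `password` uses `| quote`; `username: {{ .Values.charts.intercomService.username | quote }}` would escape a quote or backslash in the value the same way.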
@@ -3,28 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Jitsi # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi - name: "jitsi-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.jitsi.verify }} + username: "{{ .Values.charts.jitsi.username }}" + password: {{ .Values.charts.jitsi.password | quote }} + url: "{{ .Values.charts.jitsi.registry }}/{{ .Values.charts.jitsi.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi - # dataSource=docker - # dependencyType=vendor - name: "jitsi" - chart: "jitsi-repo/sovereign-workplace-jitsi" - version: "1.7.1" + chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}" + version: "{{ .Values.charts.jitsi.version }}" values: - "values-jitsi.gotmpl" installed: {{ .Values.jitsi.enabled }} diff --git a/helmfile/apps/keycloak-bootstrap/helmfile.yaml b/helmfile/apps/keycloak-bootstrap/helmfile.yaml index 88846ebb..45f69649 100644 --- a/helmfile/apps/keycloak-bootstrap/helmfile.yaml +++ b/helmfile/apps/keycloak-bootstrap/helmfile.yaml 
@@ -3,30 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Keycloak Bootstrap # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap - name: "opendesk-keycloak-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloakBootstrap.verify }} + username: "{{ .Values.charts.keycloakBootstrap.username }}" + password: {{ .Values.charts.keycloakBootstrap.password | quote }} + url: "{{ .Values.charts.keycloakBootstrap.registry }}/{{ .Values.charts.keycloakBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-keycloak-bootstrap" - chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" - version: "1.1.12" + chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.keycloakBootstrap.name }}" + version: "{{ .Values.charts.keycloakBootstrap.version }}" values: - "values-bootstrap.gotmpl" - "values-bootstrap.yaml" diff --git a/helmfile/apps/keycloak/helmfile.yaml b/helmfile/apps/keycloak/helmfile.yaml index 04dfe504..fa631242 100644 --- a/helmfile/apps/keycloak/helmfile.yaml +++ b/helmfile/apps/keycloak/helmfile.yaml 
@@ -3,54 +3,45 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "keycloak-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloak.verify }} + username: "{{ .Values.charts.keycloak.username }}" + password: {{ .Values.charts.keycloak.password | quote }} + url: "{{ .Values.charts.keycloak.registry }}/{{ .Values.charts.keycloak.repository }}" + # openDesk Keycloak Theme # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme - name: "keycloak-theme-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloakTheme.verify }} + username: "{{ .Values.charts.keycloakTheme.username }}" + password: {{ .Values.charts.keycloakTheme.password | quote }} + url: "{{ .Values.charts.keycloakTheme.registry }}/{{ .Values.charts.keycloakTheme.repository }}" + # openDesk Keycloak Extensions - name: "keycloak-extensions-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }} + username: "{{ .Values.charts.keycloakExtensions.username }}" + password: {{ .Values.charts.keycloakExtensions.password | quote }} + url: "{{ .Values.charts.keycloakExtensions.registry }}/{{ .Values.charts.keycloakExtensions.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme - # dataSource=docker - # 
dependencyType=vendor - name: "keycloak-theme" - chart: "keycloak-theme-repo/opendesk-keycloak-theme" - version: "2.0.0" + chart: "keycloak-theme-repo/{{ .Values.charts.keycloakTheme.name }}" + version: "{{ .Values.charts.keycloakTheme.version }}" values: - "values-theme.gotmpl" installed: {{ .Values.keycloak.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/keycloak - # dataSource=docker - # dependencyType=vendor - name: "keycloak" - chart: "bitnami-repo/keycloak" - version: "12.1.5" + chart: "keycloak-repo/{{ .Values.charts.keycloak.name }}" + version: "{{ .Values.charts.keycloak.version }}" values: - "values-keycloak.gotmpl" - "values-keycloak.yaml" @@ -58,14 +49,9 @@ releases: wait: true installed: {{ .Values.keycloak.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable - # packageName=keycloak-extensions - # dataSource=helm - # dependencyType=vendor - name: "keycloak-extensions" - chart: "keycloak-extensions-repo/keycloak-extensions" - version: "0.1.0" + chart: "keycloak-extensions-repo/{{ .Values.charts.keycloakExtensions.name }}" + version: "{{ .Values.charts.keycloakExtensions.version }}" needs: - "keycloak" values: diff --git a/helmfile/apps/nextcloud/helmfile.yaml b/helmfile/apps/nextcloud/helmfile.yaml index a98501ed..ae8d94c7 100644 --- a/helmfile/apps/nextcloud/helmfile.yaml +++ b/helmfile/apps/nextcloud/helmfile.yaml 
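Review bot: `keycloak-extensions-repo` now receives `username` and `password` but still has neither `keyring` nor `verify`, so the chart from it is installed without a signature check, unlike `keycloak-repo` and `keycloak-theme-repo` in the same hunk. If that chart is not signed, say so next to the entry, for example `# no provenance available: chart integrity relies on TLS to the registry`. Because the URL is now built from `.Values.charts.keycloakExtensions.registry`, the scheme is whatever the value holds, so the values documentation should require `https://` whenever credentials are set. `nextcloud-repo`, `open-xchange-repo` and `ox-connector-repo` in the later hunks are likewise left without `keyring`/`verify`.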
@@ -3,37 +3,30 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Keycloak Bootstrap # Source: # https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap - - name: "opendesk-nextcloud-bootstrap-repo" + - name: "nextcloud-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.nextcloudBootstrap.verify }} + username: "{{ .Values.charts.nextcloudBootstrap.username }}" + password: {{ .Values.charts.nextcloudBootstrap.password | quote }} + url: "{{ .Values.charts.nextcloudBootstrap.registry }}/{{ .Values.charts.nextcloudBootstrap.repository }}" + # Nextcloud # Source: https://github.com/nextcloud/helm/ - name: "nextcloud-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://nextcloud.github.io/helm/" }} + username: "{{ .Values.charts.nextcloud.username }}" + password: {{ .Values.charts.nextcloud.password | quote }} + url: "{{ .Values.charts.nextcloud.registry }}/{{ .Values.charts.nextcloud.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-nextcloud-bootstrap" - chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap" - version: "3.2.6" + chart: "nextcloud-bootstrap-repo/{{ .Values.charts.nextcloudBootstrap.name }}" + version: "{{ .Values.charts.nextcloudBootstrap.version }}" wait: true waitForJobs: true values: 
@@ -42,14 +35,9 @@ releases: installed: {{ .Values.nextcloud.enabled }} timeout: 900 - # renovate: - # registryUrl=https://nextcloud.github.io/helm - # packageName=nextcloud - # dataSource=helm - # dependencyType=vendor - name: "nextcloud" - chart: "nextcloud-repo/nextcloud" - version: "3.5.19" + chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}" + version: "{{ .Values.charts.nextcloud.version }}" needs: - "opendesk-nextcloud-bootstrap" values: diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml index d2c4ca36..d896271d 100644 --- a/helmfile/apps/open-xchange/helmfile.yaml +++ b/helmfile/apps/open-xchange/helmfile.yaml 
@@ -3,58 +3,49 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Dovecot # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot - - name: "opendesk-dovecot-repo" + - name: "dovecot-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.dovecot.verify }} + username: "{{ .Values.charts.dovecot.username }}" + password: {{ .Values.charts.dovecot.password | quote }} + url: "{{ .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}" + # Open-Xchange - - name: "openxchange-repo" + - name: "open-xchange-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }} + username: "{{ .Values.charts.openXchangeAppSuite.username }}" + password: {{ .Values.charts.openXchangeAppSuite.password | quote }} + url: "{{ .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}" + # openDesk Open-Xchange Bootstrap # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap - - name: "opendesk-open-xchange-bootstrap-repo" + - name: "open-xchange-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} + username: "{{ .Values.charts.openXchangeAppSuiteBootstrap.username }}" + password: {{ .Values.charts.openXchangeAppSuiteBootstrap.password | quote }} + url: "{{ 
.Values.charts.openXchangeAppSuiteBootstrap.registry }}/\ + {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/dovecot/dovecot - # dataSource=docker - # dependencyType=vendor - name: "dovecot" - chart: "opendesk-dovecot-repo/dovecot" - version: "1.3.6" + chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}" + version: "{{ .Values.charts.dovecot.version }}" values: - "values-dovecot.yaml" - "values-dovecot.gotmpl" installed: {{ .Values.dovecot.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.open-xchange.com - # packageName=appsuite-public-sector/charts/appsuite-public-sector - # dataSource=docker - # dependencyType=vendor - name: "open-xchange" - chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector" - version: "2.1.1" + chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}" + version: "{{ .Values.charts.openXchangeAppSuite.version }}" values: - "values-openxchange.yaml" - "values-openxchange.gotmpl" @@ -63,14 +54,9 @@ releases: installed: {{ .Values.oxAppsuite.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-open-xchange-bootstrap" - chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap" - version: "1.3.1" + chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}" + version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}" values: - "values-openxchange-bootstrap.gotmpl" installed: {{ .Values.oxAppsuite.enabled }} diff --git a/helmfile/apps/openproject-bootstrap/helmfile.yaml b/helmfile/apps/openproject-bootstrap/helmfile.yaml index 29661ccd..82af63d9 100644 
--- a/helmfile/apps/openproject-bootstrap/helmfile.yaml +++ b/helmfile/apps/openproject-bootstrap/helmfile.yaml @@ -3,30 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk OpenProject Bootstrap # Source: Set when repo is managed on Open CoDE - - name: "opendesk-openproject-bootstrap-repo" + - name: "openproject-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.openprojectBootstrap.verify }} + username: "{{ .Values.charts.openprojectBootstrap.username }}" + password: {{ .Values.charts.openprojectBootstrap.password | quote }} + url: "{{ .Values.charts.openprojectBootstrap.registry }}/{{ .Values.charts.openprojectBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-openproject-bootstrap" - chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap" - version: "1.2.1" + chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}" + version: "{{ .Values.charts.openprojectBootstrap.version }}" wait: true waitForJobs: true values: diff --git a/helmfile/apps/openproject/helmfile.yaml b/helmfile/apps/openproject/helmfile.yaml index 5dec528f..80e27273 100644 --- a/helmfile/apps/openproject/helmfile.yaml +++ b/helmfile/apps/openproject/helmfile.yaml 
@@ -3,27 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # OpenProject # Source: https://github.com/opf/helm-charts - name: "openproject-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://charts.openproject.org" }} - verify: true + oci: true keyring: "../../files/gpg-pubkeys/openproject-com.gpg" + verify: {{ .Values.charts.openproject.verify }} + username: "{{ .Values.charts.openproject.username }}" + password: {{ .Values.charts.openproject.password | quote }} + url: "{{ .Values.charts.openproject.registry }}/{{ .Values.charts.openproject.repository }}" releases: - # renovate: - # registryUrl=https://charts.openproject.org - # packageName=openproject - # dataSource=helm - # dependencyType=vendor - name: "openproject" - chart: "openproject-repo/openproject" - version: "2.6.2" + chart: "openproject-repo/{{ .Values.charts.openproject.name }}" + version: "{{ .Values.charts.openproject.version }}" wait: true waitForJobs: true values: diff --git a/helmfile/apps/openproject/values.yaml b/helmfile/apps/openproject/values.yaml index 0d7b8327..996581ad 100644 --- a/helmfile/apps/openproject/values.yaml +++ b/helmfile/apps/openproject/values.yaml @@ -30,11 +30,18 @@ openproject: # seed will only be executed on initial installation seed_locale: "de" -securityContext: +containerSecurityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" seccompProfile: type: "RuntimeDefault" - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + runAsNonRoot: true persistence: enabled: false diff --git a/helmfile/apps/provisioning/helmfile.yaml b/helmfile/apps/provisioning/helmfile.yaml index 672aaedf..dae4c99b 100644 --- a/helmfile/apps/provisioning/helmfile.yaml +++ b/helmfile/apps/provisioning/helmfile.yaml 
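Review bot: `openproject-repo` switches to `oci: true` with a registry taken from values, yet the keyring stays `openproject-com.gpg`. Verification therefore only passes if the chart stored at the configured OCI location still carries the upstream provenance file; whether it does is not visible here. A comment on the entry would make the requirement explicit, e.g. `# mirrored chart must keep the upstream OpenProject signature`, so that a failing check is fixed at the mirror rather than by setting `verify` to false.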
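Review bot: The hardening in `helmfile/apps/openproject/values.yaml` moves from `securityContext` to `containerSecurityContext`, and Helm ignores value keys a chart does not read unless the chart ships a strict schema, so with a chart version that still expects the old key these settings would be dropped silently. The chart version now comes from `.Values.charts.openproject.version`, so it is worth checking the rendered Deployment for `readOnlyRootFilesystem: true` and the `capabilities.drop` entry `"ALL"`. With the root filesystem read-only and `persistence.enabled: false`, the pod also needs writable volumes for its temporary paths; I assume the chart provides them, but a comment such as `# requires chart-provided emptyDir for tmp paths` would record that dependency.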
@@ -3,24 +3,18 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # OX Connector - name: "ox-connector-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }} + username: "{{ .Values.charts.oxConnector.username }}" + password: {{ .Values.charts.oxConnector.password | quote }} + url: "{{ .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}" releases: - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable - # packageName=ox-connector - # dataSource=helm - # dependencyType=vendor - name: "ox-connector" - chart: "ox-connector-repo/ox-connector" - version: "0.1.0-pre-jconde-listener-entrypoint-chaining" + chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}" + version: "{{ .Values.charts.oxConnector.version }}" values: - "values-oxconnector.yaml" - "values-oxconnector.gotmpl" diff --git a/helmfile/apps/services/helmfile.yaml b/helmfile/apps/services/helmfile.yaml index 8e661a5e..a0e1a8ca 100644 --- a/helmfile/apps/services/helmfile.yaml +++ b/helmfile/apps/services/helmfile.yaml 
@@ -3,224 +3,194 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Otterize # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-otterize - - name: "opendesk-otterize-repo" + - name: "otterize-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-otterize" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.otterize.verify }} + username: "{{ .Values.charts.otterize.username }}" + password: {{ .Values.charts.otterize.password | quote }} + url: "{{ .Values.charts.otterize.registry }}/{{ .Values.charts.otterize.repository }}" + # openDesk Certificates # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates - - name: "opendesk-certificates-repo" + - name: "certificates-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.certificates.verify }} + username: "{{ .Values.charts.certificates.username }}" + password: {{ .Values.charts.certificates.password | quote }} + url: "{{ .Values.charts.certificates.registry }}/{{ .Values.charts.certificates.repository }}" + # openDesk PostgreSQL # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql - name: "postgresql-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }} - verify: true keyring: 
"../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.postgresql.verify }} + username: "{{ .Values.charts.postgresql.username }}" + password: {{ .Values.charts.postgresql.password | quote }} + url: "{{ .Values.charts.postgresql.registry }}/{{ .Values.charts.postgresql.repository }}" + # openDesk MariaDB - # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb + # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-mariadb - name: "mariadb-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }} - verify: true - keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.mariadb.verify }} + username: "{{ .Values.charts.mariadb.username }}" + password: {{ .Values.charts.mariadb.password | quote }} + url: "{{ .Values.charts.mariadb.registry }}/{{ .Values.charts.mariadb.repository }}" + # openDesk Postfix # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix - name: "postfix-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.postfix.verify }} + username: "{{ .Values.charts.postfix.username }}" + password: {{ .Values.charts.postfix.password | quote }} + url: "{{ .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}" + # openDesk Istio Resources # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources - name: "istio-resources-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default 
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.istioResources.verify }} + username: "{{ .Values.charts.istioResources.username }}" + password: {{ .Values.charts.istioResources.password | quote }} + url: "{{ .Values.charts.istioResources.registry }}/{{ .Values.charts.istioResources.repository }}" + # openDesk ClamAV # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav - name: "clamav-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.clamav.verify }} + username: "{{ .Values.charts.clamav.username }}" + password: {{ .Values.charts.clamav.password | quote }} + url: "{{ .Values.charts.clamav.registry }}/{{ .Values.charts.clamav.repository }}" + - name: "clamav-simple-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.clamavSimple.verify }} + username: "{{ .Values.charts.clamavSimple.username }}" + password: {{ .Values.charts.clamavSimple.password | quote }} + url: "{{ .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}" + # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "memcached-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.memcached.verify }} + username: "{{ .Values.charts.memcached.username }}" + password: {{ .Values.charts.memcached.password | quote }} + url: "{{ 
.Values.charts.memcached.registry }}/{{ .Values.charts.memcached.repository }}" + - name: "redis-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.redis.verify }} + username: "{{ .Values.charts.redis.username }}" + password: {{ .Values.charts.redis.password | quote }} + url: "{{ .Values.charts.redis.registry }}/{{ .Values.charts.redis.repository }}" + - name: "minio-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.minio.verify }} + username: "{{ .Values.charts.minio.username }}" + password: {{ .Values.charts.minio.password | quote }} + url: "{{ .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}" + releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize - # dataSource=docker - # dependencyType=service - name: "opendesk-otterize" - chart: "opendesk-otterize-repo/opendesk-otterize" - version: "1.1.3" + chart: "otterize-repo/{{ .Values.charts.otterize.name }}" + version: "{{ .Values.charts.otterize.version }}" values: - "values-otterize.gotmpl" installed: {{ .Values.security.otterizeIntents.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates - # dataSource=docker - # dependencyType=service + - name: "opendesk-certificates" - chart: "opendesk-certificates-repo/opendesk-certificates" - version: "2.1.0" + chart: "certificates-repo/{{ .Values.charts.certificates.name }}" + version: "{{ .Values.charts.certificates.version }}" values: - "values-certificates.gotmpl" installed: {{ .Values.certificates.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/redis - # dataSource=docker - # dependencyType=service - name: "redis" - chart: "bitnami-repo/redis" 
- version: "18.1.2" + chart: "redis-repo/{{ .Values.charts.redis.name }}" + version: "{{ .Values.charts.redis.version }}" values: - "values-redis.gotmpl" - "values-redis.yaml" installed: {{ .Values.redis.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/memcached - # dataSource=docker - # dependencyType=service - name: "memcached" - chart: "bitnami-repo/memcached" - version: "6.6.2" + chart: "memcached-repo/{{ .Values.charts.memcached.name }}" + version: "{{ .Values.charts.memcached.version }}" values: - "values-memcached.yaml" - "values-memcached.gotmpl" installed: {{ .Values.memcached.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/postgresql/postgresql - # dataSource=docker - # dependencyType=service - name: "postgresql" - chart: "postgresql-repo/postgresql" - version: "2.0.3" + chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}" + version: "{{ .Values.charts.postgresql.version }}" values: - "values-postgresql.yaml" - "values-postgresql.gotmpl" installed: {{ .Values.postgresql.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/mariadb/mariadb - # dataSource=docker - # dependencyType=service - name: "mariadb" - chart: "mariadb-repo/mariadb" - version: "2.1.1" + chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}" + version: "{{ .Values.charts.mariadb.version }}" values: - "values-mariadb.yaml" - "values-mariadb.gotmpl" installed: {{ .Values.mariadb.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/postfix/postfix - # dataSource=docker - # dependencyType=service - name: "postfix" - chart: "postfix-repo/postfix" - version: "2.0.4" + chart: "postfix-repo/{{ .Values.charts.postfix.name }}" + version: "{{ .Values.charts.postfix.version }}" values: - 
"values-postfix.yaml" - "values-postfix.gotmpl" installed: {{ .Values.postfix.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/clamav/opendesk-clamav - # dataSource=docker - # dependencyType=service - name: "clamav" - chart: "clamav-repo/opendesk-clamav" - version: "4.0.0" + chart: "clamav-repo/{{ .Values.charts.clamav.name }}" + version: "{{ .Values.charts.clamav.version }}" values: - "values-clamav-distributed.yaml" - "values-clamav-distributed.gotmpl" installed: {{ .Values.clamavDistributed.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/clamav/clamav-simple - # dataSource=docker - # dependencyType=service - name: "clamav-simple" - chart: "clamav-repo/clamav-simple" - version: "4.0.0" + chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}" + version: "{{ .Values.charts.clamavSimple.version }}" values: - "values-clamav-simple.yaml" - "values-clamav-simple.gotmpl" installed: {{ .Values.clamavSimple.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/istio-ressources/istio-gateway - # dataSource=docker - # dependencyType=service - name: "opendesk-gateway" - chart: "istio-resources-repo/istio-gateway" - version: "2.0.0" + chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}" + version: "{{ .Values.charts.istioResources.version }}" values: - "values-istio-gateway.yaml" - "values-istio-gateway.gotmpl" installed: {{ .Values.istio.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/minio - # dataSource=docker - # dependencyType=service - name: "minio" - chart: "bitnami-repo/minio" - version: "12.8.19" + chart: "minio-repo/{{ .Values.charts.minio.name }}" + version: "{{ .Values.charts.minio.version }}" values: - "values-minio.yaml" - "values-minio.gotmpl" 
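Review bot: `mariadb-repo` is the only entry in this hunk whose trust anchor changes, from `souvap-univention-de.gpg` to `../../files/gpg-pubkeys/opencode.gpg`, and the key file itself is not part of the visible diff. Please confirm it is added in this commit and that its fingerprint was checked against the Open CoDE publisher out of band, and record the fingerprint in a comment next to the entry, e.g. `# signing key fingerprint: <FINGERPRINT-PLACEHOLDER>`. The repositories split out of `bitnami-repo` (`memcached-repo`, `redis-repo`, `minio-repo`) keep the previous keyring.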
diff --git a/helmfile/apps/services/values-mariadb.gotmpl b/helmfile/apps/services/values-mariadb.gotmpl index d9cd3f33..e379c3f5 100644 --- a/helmfile/apps/services/values-mariadb.gotmpl +++ b/helmfile/apps/services/values-mariadb.gotmpl @@ -8,6 +8,9 @@ global: imagePullSecrets: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} +cleanup: + deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} + image: repository: {{ .Values.images.mariadb.repository | quote }} tag: {{ .Values.images.mariadb.tag | quote }} diff --git a/helmfile/apps/univention-corporate-container/helmfile.yaml b/helmfile/apps/univention-corporate-container/helmfile.yaml index fd5ca994..e7cf9336 100644 --- a/helmfile/apps/univention-corporate-container/helmfile.yaml +++ b/helmfile/apps/univention-corporate-container/helmfile.yaml 
@@ -3,29 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Univention Corporate Server (as eval Container) - name: "univention-corporate-container-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.univentionCorporateServer.verify }} + username: "{{ .Values.charts.univentionCorporateServer.username }}" + password: {{ .Values.charts.univentionCorporateServer.password | quote }} + url: "{{ .Values.charts.univentionCorporateServer.registry }}/\ + {{ .Values.charts.univentionCorporateServer.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container - # dataSource=docker - # dependencyType=vendor - name: "univention-corporate-container" - chart: "univention-corporate-container-repo/univention-corporate-container" - version: "1.0.10" + chart: "univention-corporate-container-repo/{{ .Values.charts.univentionCorporateServer.name }}" + version: "{{ .Values.charts.univentionCorporateServer.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml index cc31095d..2ce2eb01 100644 --- a/helmfile/apps/univention-management-stack/helmfile.yaml +++ b/helmfile/apps/univention-management-stack/helmfile.yaml @@ -3,7 +3,6 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Univention Management Stack 
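Review bot: The new `username:` line in the `univention-corporate-container-repo` block is hand-quoted, while `password:` two lines below goes through `| quote`. With the default `username: ~` that this commit adds in `charts.yaml`, the hand-quoted form is likely to render as the literal string `<no value>` rather than an empty value, so helmfile would attempt a registry login with a bogus user name instead of pulling anonymously. I would write it the same way as the password: `username: {{ .Values.charts.univentionCorporateServer.username | quote }}`. The same pattern appears in the `nginx-repo` and `xwiki-repo` blocks later in this diff.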
@@ -13,50 +12,35 @@ repositories: default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }} # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "nginx-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.nginx.verify }} + username: "{{ .Values.charts.nginx.username }}" + password: {{ .Values.charts.nginx.password | quote }} + url: "{{ .Values.charts.nginx.registry }}/{{ .Values.charts.nginx.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/nginx - # dataSource=docker - # dependencyType=vendor - name: "ums-stack-gateway" - chart: "bitnami-repo/nginx" - version: "15.3.5" + chart: "nginx-repo/{{ .Values.charts.nginx.name }}" + version: "{{ .Values.charts.nginx.version }}" values: - "values-ums-stack-gateway.gotmpl" - "values-ums-stack-gateway.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=store-dav - # dataSource=helm - # dependencyType=vendor - name: "ums-store-dav" - chart: "ums-repo/store-dav" - version: "0.7.0" + chart: "ums-repo/{{ .Values.charts.umsStoreDav.name }}" + version: "{{ .Values.charts.umsStoreDav.version }}" values: - "values-common.gotmpl" - "values-common.yaml" - "values-store-dav.gotmpl" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=ldap-server - # dataSource=helm - # dependencyType=vendor - name: "ums-ldap-server" - chart: "ums-repo/ldap-server" - version: "0.7.0" + chart: 
"ums-repo/{{ .Values.charts.umsLdapServer.name }}" + version: "{{ .Values.charts.umsLdapServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -64,14 +48,9 @@ releases: - "values-ldap-server.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=ldap-notifier - # dataSource=helm - # dependencyType=vendor - name: "ums-ldap-notifier" - chart: "ums-repo/ldap-notifier" - version: "0.7.0" + chart: "ums-repo/{{ .Values.charts.umsLdapNotifier.name }}" + version: "{{ .Values.charts.umsLdapNotifier.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -79,14 +58,9 @@ releases: - "values-ldap-notifier.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=udm-rest-api - # dataSource=helm - # dependencyType=vendor - name: "ums-udm-rest-api" - chart: "ums-repo/udm-rest-api" - version: "0.3.5" + chart: "ums-repo/{{ .Values.charts.umsUdmRestApi.name }}" + version: "{{ .Values.charts.umsUdmRestApi.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -94,14 +68,9 @@ releases: - "values-udm-rest-api.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=stack-data-ums - # dataSource=helm - # dependencyType=vendor - name: "ums-stack-data-ums" - chart: "ums-repo/stack-data-ums" - version: "0.38.1" + chart: "ums-repo/{{ .Values.charts.umsStackDataUms.name }}" + version: "{{ .Values.charts.umsStackDataUms.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
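Review bot: The `registry`, `repository`, `username` and `password` keys that `charts.yaml` defines for the `ums*` charts do not appear to be read by this file. In the `@@ -13,50 +12,35 @@` hunk the `ums-repo` URL is still the unchanged context line ending in `default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}`, and the releases only consume `.name` and `.version`. An operator who points those keys at a private registry would still pull the UMS charts from the old source without any error. The `ums-repo` entry begins above the hunk, so this is inferred from its last line only. Either wire the repository the same way as `nginx-repo`, or add a comment above it such as `# ums-repo is not yet driven by .Values.charts.ums*; registry and credentials set there have no effect`.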
@@ -109,14 +78,9 @@ releases: - "values-stack-data-ums.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=stack-data-swp - # dataSource=helm - # dependencyType=vendor - name: "ums-stack-data-swp" - chart: "ums-repo/stack-data-swp" - version: "0.38.1" + chart: "ums-repo/{{ .Values.charts.umsStackDataSwp.name }}" + version: "{{ .Values.charts.umsStackDataSwp.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -124,14 +88,9 @@ releases: - "values-stack-data-swp.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-server - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-server" - chart: "ums-repo/portal-server" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalServer.name }}" + version: "{{ .Values.charts.umsPortalServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -139,14 +98,9 @@ releases: - "values-portal-server.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=notifications-api - # dataSource=helm - # dependencyType=vendor - name: "ums-notifications-api" - chart: "ums-repo/notifications-api" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsNotificationsApi.name }}" + version: "{{ .Values.charts.umsNotificationsApi.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
@@ -154,14 +108,9 @@ releases: - "values-notifications-api.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-listener - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-listener" - chart: "ums-repo/portal-listener" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalListener.name }}" + version: "{{ .Values.charts.umsPortalListener.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -169,14 +118,9 @@ releases: - "values-portal-listener.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-frontend - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-frontend" - chart: "ums-repo/portal-frontend" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalFrontend.name }}" + version: "{{ .Values.charts.umsPortalFrontend.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -184,14 +128,9 @@ releases: - "values-portal-frontend.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=umc-gateway - # dataSource=helm - # dependencyType=vendor - name: "ums-umc-gateway" - chart: "ums-repo/umc-gateway" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsUmcGateway.name }}" + version: "{{ .Values.charts.umsUmcGateway.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
@@ -199,14 +138,9 @@ releases: - "values-umc-gateway.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=umc-server - # dataSource=helm - # dependencyType=vendor - name: "ums-umc-server" - chart: "ums-repo/umc-server" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsUmcServer.name }}" + version: "{{ .Values.charts.umsUmcServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" diff --git a/helmfile/apps/xwiki/helmfile.yaml b/helmfile/apps/xwiki/helmfile.yaml index 1f8de78b..c7bb5f9a 100644 --- a/helmfile/apps/xwiki/helmfile.yaml +++ b/helmfile/apps/xwiki/helmfile.yaml @@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # XWiki # Source: https://github.com/xwiki-contrib/xwiki-helm - name: "xwiki-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://xwiki-contrib.github.io/xwiki-helm" }} + username: "{{ .Values.charts.xwiki.username }}" + password: {{ .Values.charts.xwiki.password | quote }} + url: "{{ .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}" releases: - # renovate: - # registryUrl=https://xwiki-contrib.github.io/xwiki-helm - # packageName=xwiki - # dataSource=helm - # dependencyType=vendor - name: "xwiki" - chart: "xwiki-repo/xwiki" - version: "1.2.3" + chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}" + version: "{{ .Values.charts.xwiki.version }}" wait: true values: - "values.yaml" diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml new file mode 100644 index 00000000..3504a16d --- /dev/null +++ b/helmfile/environments/default/charts.yaml 
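Review bot: The `xwiki-repo` block gains `username`, `password` and `url` but no `verify` or `keyring`, although the `xwiki` entry added to `charts.yaml` in this commit sets `verify: true`. That flag is therefore never consumed, and a reader of the values file could assume the XWiki chart's provenance is checked when it is not. I would either drop `verify: true` from the `xwiki` values entry, as the other http-hosted charts (`collabora`, `cryptpad`, `nextcloud`) do, or keep it out with a comment such as `# http chart repository: no signature verification is performed for this chart`.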
@@ -0,0 +1,714 @@ +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +charts: + certificates: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" + name: "opendesk-certificates" + version: "2.1.0" + verify: true + username: ~ + password: ~ + + clamav: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/clamav/opendesk-clamav + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/clamav" + name: "opendesk-clamav" + version: "4.0.0" + verify: true + username: ~ + password: ~ + + clamavSimple: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/clamav/clamav-simple + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/clamav" + name: "clamav-simple" + version: "4.0.0" + verify: true + username: ~ + password: ~ + + collabora: + # renovate: + # registryUrl=https://collaboraonline.github.io/online + # packageName=collabora-online + # dataSource=helm + # dependencyType=vendor + registry: "https://collaboraonline.github.io" + repository: "online" + name: "collabora-online" + version: "1.0.2" + username: ~ + password: ~ + + cryptpad: + # renovate: + # registryUrl=https://cryptpad.github.io/helm + # packageName=cryptpad + # dataSource=helm + # dependencyType=vendor + registry: "https://cryptpad.github.io" + repository: "helm" + name: "cryptpad" + version: 
"0.0.14" + username: ~ + password: ~ + + dovecot: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/dovecot/dovecot + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/dovecot" + name: "dovecot" + version: "1.3.6" + verify: true + username: ~ + password: ~ + + element: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-element" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + elementWellKnown: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-well-known" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + intercomService: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/intercom-service/intercom-service + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/intercom-service" + name: "intercom-service" + version: "2.0.1" + verify: true + username: ~ + password: ~ + + istioResources: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/istio-ressources/istio-gateway + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" 
+ repository: "sovereign-workplace/souvap/tooling/charts/istio-ressources" + name: "istio-gateway" + version: "2.0.0" + verify: true + username: ~ + password: ~ + + jitsi: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" + name: "sovereign-workplace-jitsi" + version: "1.7.1" + verify: true + username: ~ + password: ~ + + keycloak: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/keycloak + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "keycloak" + version: "12.1.5" + verify: true + username: ~ + password: ~ + + keycloakBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" + name: "sovereign-workplace-keycloak-bootstrap" + version: "1.1.12" + verify: true + username: ~ + password: ~ + + keycloakExtensions: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable + # packageName=keycloak-extensions + # dataSource=helm + # dependencyType=vendor + registry: "https://gitlab.souvap-univention.de" + repository: "api/v4/projects/77/packages/helm/stable" + name: "keycloak-extensions" + version: "0.1.0" + username: ~ + password: ~ + + keycloakTheme: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # 
packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/keycloak-theme" + name: "opendesk-keycloak-theme" + version: "2.0.0" + verify: true + username: ~ + password: ~ + + mariadb: + # renovate: + # registryUrl=https://registry.opencode.de + # packageName=bmi/opendesk/components/charts/opendesk-mariadb/mariadb + # dataSource=docker + # dependencyType=service + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/charts/opendesk-mariadb" + name: "mariadb" + version: "2.2.0" + verify: true + username: ~ + password: ~ + + matrixNeoboardWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neoboard-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeochoiseWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neochoice-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeodatefixBot: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: 
"matrix-neodatefix-bot" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeodatefixWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neodatefix-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixUserVerificationService: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-matrix-user-verification-service" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + memcached: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/memcached + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "memcached" + version: "6.6.2" + verify: true + username: ~ + password: ~ + + minio: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/minio + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "minio" + version: "12.8.19" + verify: true + username: ~ + password: ~ + + nextcloud: + # renovate: + # registryUrl=https://nextcloud.github.io/helm + # packageName=nextcloud + # dataSource=helm + # dependencyType=vendor + registry: "https://nextcloud.github.io" + repository: 
"helm" + name: "nextcloud" + version: "3.5.19" + username: ~ + password: ~ + + nextcloudBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" + name: "opendesk-nextcloud-bootstrap" + version: "3.2.6" + verify: true + username: ~ + password: ~ + + nginx: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/nginx + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "nginx" + version: "15.3.5" + verify: true + username: ~ + password: ~ + + openproject: + # renovate: + # registryUrl=https://ghcr.io + # packageName=opf/helm-charts/openproject + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/opf/helm-charts" + name: "openproject" + version: "3.0.2" + verify: true + username: ~ + password: ~ + + openprojectBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" + name: "opendesk-openproject-bootstrap" + version: "1.2.1" + verify: true + username: ~ + password: ~ + + openXchangeAppSuite: + # renovate: + # registryUrl=https://registry.open-xchange.com + # packageName=appsuite-public-sector/charts/appsuite-public-sector + # dataSource=docker + # dependencyType=vendor + registry: 
"external-registry.souvap-univention.de" + repository: "sovereign-workplace/appsuite-public-sector/charts" + name: "appsuite-public-sector" + version: "2.1.1" + username: ~ + password: ~ + + openXchangeAppSuiteBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" + name: "sovereign-workplace-open-xchange-bootstrap" + version: "1.3.1" + verify: true + username: ~ + password: ~ + + otterize: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-otterize" + name: "opendesk-otterize" + version: "1.1.3" + verify: true + username: ~ + password: ~ + + oxConnector: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable + # packageName=ox-connector + # dataSource=helm + # dependencyType=vendor + registry: "https://gitlab.souvap-univention.de" + repository: "api/v4/projects/128/packages/helm/stable" + name: "ox-connector" + version: "0.1.0-pre-jconde-listener-entrypoint-chaining" + username: ~ + password: ~ + + postfix: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/postfix/postfix + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/postfix" + name: "postfix" + version: "2.0.4" + verify: true + username: ~ + password: ~ + + postgresql: + # renovate: + # 
registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/postgresql/postgresql + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/postgresql" + name: "postgresql" + version: "2.0.3" + verify: true + username: ~ + password: ~ + + redis: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/redis + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "redis" + version: "18.1.2" + verify: true + username: ~ + password: ~ + + synapse: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + synapseCreateAccount: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse-create-account" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + synapseWeb: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: 
"sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse-web" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + umsLdapNotifier: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=ldap-notifier + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "ldap-notifier" + version: "0.7.0" + username: ~ + password: ~ + + umsLdapServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=ldap-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "ldap-server" + version: "0.7.0" + username: ~ + password: ~ + + umsNotificationsApi: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=notifications-api + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "notifications-api" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalFrontend: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-frontend + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "portal-frontend" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalListener: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-listener + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: 
"portal-listener" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "portal-server" + version: "0.6.1" + username: ~ + password: ~ + + umsStackDataSwp: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=stack-data-swp + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "stack-data-swp" + version: "0.38.1" + username: ~ + password: ~ + + umsStackDataUms: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=stack-data-ums + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "stack-data-ums" + version: "0.38.1" + username: ~ + password: ~ + + umsStoreDav: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=store-dav + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "store-dav" + version: "0.7.0" + username: ~ + password: ~ + + umsUdmRestApi: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=udm-rest-api + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "udm-rest-api" + version: "0.3.5" + username: ~ + password: ~ + + umsUmcGateway: + # renovate: + # 
registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=umc-gateway + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "umc-gateway" + version: "0.6.1" + username: ~ + password: ~ + + umsUmcServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=umc-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "umc-server" + version: "0.6.1" + username: ~ + password: ~ + + univentionCorporateServer: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/univention-corporate-container" + name: "univention-corporate-container" + version: "1.0.10" + verify: true + username: ~ + password: ~ + + xwiki: + # renovate: + # registryUrl=https://xwiki-contrib.github.io/xwiki-helm + # packageName=xwiki + # dataSource=helm + # dependencyType=vendor + registry: "https://xwiki-contrib.github.io" + repository: "xwiki-helm" + name: "xwiki" + version: "1.2.3" + verify: true + username: ~ + password: ~ +... diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 2a264747..19eab77f 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml 
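Review bot: `openXchangeAppSuite` is the only entry served from `external-registry.souvap-univention.de` that has no `verify` key; every other OCI entry in this file sets `verify: true`. If its repository block renders `verify: {{ .Values.charts.openXchangeAppSuite.verify }}` like the blocks visible elsewhere in this commit (an assumption, since that helmfile is not in view), the result is not a clean boolean and signature verification for that chart is left undefined. State the intent explicitly, either `verify: true` or `verify: false  # chart is not signed, see <reason>`. Separately, the `ums*` entries use `registry: "gitlab.souvap-univention.de"` without a scheme, while `keycloakExtensions` and `oxConnector` use `"https://gitlab.souvap-univention.de"` for the same host. A `registry/repository` URL built from the `ums*` values would lack `https://`.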
@@ -219,7 +219,7 @@ images: # registryUrl=https://docker.io # dependencyType=vendor repository: "openproject/open_desk" - tag: "release-13.1@sha256:1dc528de7e38d9c461188e53b2153b1a5ede374f83dde7b32d9c7c057c802178" + tag: "release-13.1@sha256:b1e6d55d913bb2dfc34caae364c54ff524c0676a74da1c036d0e64557ef42795" # @supplier: "OpenProject" openprojectInitDb: # renovate: diff --git a/helmfile/files/gpg-pubkeys/opencode.gpg b/helmfile/files/gpg-pubkeys/opencode.gpg new file mode 100644 index 00000000..11dccb2c Binary files /dev/null and b/helmfile/files/gpg-pubkeys/opencode.gpg differ diff --git a/helmfile/files/gpg-pubkeys/opencode.gpg.license b/helmfile/files/gpg-pubkeys/opencode.gpg.license new file mode 100644 index 00000000..23975ea6 --- /dev/null +++ b/helmfile/files/gpg-pubkeys/opencode.gpg.license @@ -0,0 +1,2 @@ +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 diff --git a/helmfile/files/gpg-pubkeys/openproject-com.gpg b/helmfile/files/gpg-pubkeys/openproject-com.gpg index bcbebd1d..fc415dac 100644 Binary files a/helmfile/files/gpg-pubkeys/openproject-com.gpg and b/helmfile/files/gpg-pubkeys/openproject-com.gpg differ